CVE-2018-0580 Information
Feb 14, 2021
cve
Description
Untrusted search path vulnerability in CELSYS Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier with its timestamp prior to April 25 2018 12:11:31 and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier with its timestamp prior to April 25 2018 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
http://www.clipstudio.net/en/dl https://jvn.jp/en/jp/JVN68345747/ https://www.clip-studio.com/clip_site/download/clipstudioaction/csaupdater/index_win
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.8
Share on: